I wondered if the company that provided my VPS for my money deceived me by the hour. The essence of the problem:
Recently fell off SSH. It turned out the SSH server stopped. Attempt to start ended with an error:

Failed to start service : /etc/init.d/ssh: xmalloc: ../bash/parse.y:5874: cannot allocate 394264557 bytes (1073799168 bytes allocated)

In short, something about memory.
Disconnected all the main services, except for BIND DNS Server, the situation repeated.
According to the statistics of working processes there is a result:

Real memory: 1024 MB total / 984.53 MB free / 252.34 MB cached Swap space: 256 MB total / 175.56 MB free

Almost all memory is free, but according to technical support assurances there is not enough memory and we need to raise the plan. The question is logical in my head, but how did this SSH server initially start up in principle? Are they cheating me, forcing me to give them more money?

Here is another problem. Unfortunately, I am only a mediocre pnp programmer, and in Linux administration he is a layman. But here is the screen from the file manager. Upstairs part of the files with the date of October 21. Are they strange? Yes, the ssh file itself 300 mb weighs. This is normal?

alt text

  • @ Dimka, if you do not mind, then specify the main character of this story. - VenZell
  • Yes, if the guys are not able or unwilling to answer a couple of my “Albanian” questions, then they will have to part with them. Or maybe even write a short novel about our "relationship" :))) - Dimka
  • one
    In general, if I'm not mistaken, then ssh just asks for 400 meters of memory. This is never normal, and you should really look at the contents of /etc/init.d/ssh and try to reinstall sshd (only this should be done very carefully so as not to leave the server without control). - etki
  • one
    @ Dimka, this is 99% hacking, the ssh launch script weighs <4k. Try downloading this hat along with all the sed * files for analysis, then remove and reinstall ssh. - etki
  • one
    Yes, you did hack. I would roll back the entire virtual machine to any backup. - mantigatos

1 answer 1

as already discussed in the comments, judging by the information given in the picture, the car is hacked.

in particular, instead of the /etc/init.d/ssh startup script, there is a binary file of unknown origin, and it’s absolutely pointless to figure out why this binary file does not have enough RAM.